diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..8537188
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,46 @@
+{
+ description = "";
+
+ inputs.nixpkgs.follows = "clan-core/nixpkgs";
+ inputs.clan-core.url = "https://git.clan.lol/clan/clan-core/archive/main.tar.gz";
+
+ outputs = { self,
+ clan-core,
+ ... }@inputs:
+ let
+ # Usage see: https://docs.clan.lol
+ clan = clan-core.lib.buildClan {
+ directory = self;
+ # Ensure this is unique among all clans you want to use.
+ meta.name = "phahgeoc2NoN9ufeithohfeiY1quuuSe9ahNaich";
+
+ # Prerequisite: boot into the installer.
+ # See: https://docs.clan.lol/getting-started/installer
+ # local> mkdir -p ./machines/machine1
+ # local> Edit ./machines//configuration.nix to your liking.
+ machines = {
+ # The name will be used as hostname by default.
+ bingus = { };
+ };
+ };
+ in
+ {
+ # All machines managed by Clan.
+ inherit (clan) nixosConfigurations clanInternals;
+ # Add the Clan cli tool to the dev shell.
+ # Use "nix develop" to enter the dev shell.
+ devShells =
+ clan-core.inputs.nixpkgs.lib.genAttrs
+ [
+ "x86_64-linux"
+ "aarch64-linux"
+ "aarch64-darwin"
+ "x86_64-darwin"
+ ]
+ (system: {
+ default = clan-core.inputs.nixpkgs.legacyPackages.${system}.mkShell {
+ packages = [ clan-core.packages.${system}.clan-cli ];
+ };
+ });
+ };
+}
diff --git a/machines/jon/configuration.nix b/machines/jon/configuration.nix
new file mode 100644
index 0000000..a675ce8
--- /dev/null
+++ b/machines/jon/configuration.nix
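Review bot: The `clan-core` input in flake.nix points at `https://git.clan.lol/clan/clan-core/archive/main.tar.gz`, a moving branch archive, and no `flake.lock` appears in this diff, so a fresh evaluation may pull whatever `main` holds at that moment. That input supplies the sshd, password and disk-id modules imported by every machine here, so I would commit the generated `flake.lock` with this change and, if upstream publishes them, point the URL at a tagged release rather than `main`. Separately, `machines` declares only `bingus = { };` while the commit adds `machines/jon` and `machines/sara`; if buildClan does not discover those directories on its own the two hosts are never built, so either name them here or add a comment such as `# machines/<name>/ directories are picked up automatically`. `description = "";` could also state what this clan is for.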
@@ -0,0 +1,35 @@
+{
+ imports = [
+ # contains your disk format and partitioning configuration.
+ ../../modules/disko.nix
+ # this file is shared among all machines
+ ../../modules/shared.nix
+ # enables GNOME desktop (optional)
+ ../../modules/gnome.nix
+ ];
+
+ # This is your user login name.
+ users.users.user.name = "";
+
+ # Set this for clan commands use ssh i.e. `clan machines update`
+ # If you change the hostname, you need to update this line to root@
+ # This only works however if you have avahi running on your admin machine else use IP
+ clan.core.networking.targetHost = "root@";
+
+ # You can get your disk id by running the following command on the installer:
+ # Replace with the IP of the installer printed on the screen or by running the `ip addr` command.
+ # ssh root@ lsblk --output NAME,ID-LINK,FSTYPE,SIZE,MOUNTPOINT
+ disko.devices.disk.main.device = "/dev/disk/by-id/__CHANGE_ME__";
+
+ # IMPORTANT! Add your SSH key here
+ # e.g. > cat ~/.ssh/id_ed25519.pub
+ users.users.root.openssh.authorizedKeys.keys = [
+ ''
+ __YOUR_SSH_KEY__
+ ''
+ ];
+
+ # Zerotier needs one controller to accept new nodes. Once accepted
+ # the controller can be offline and routing still works.
+ clan.core.networking.zerotier.controller.enable = true;
+}
diff --git a/machines/jon/hardware-configuration.nix b/machines/jon/hardware-configuration.nix
new file mode 100644
index 0000000..d284606
--- /dev/null
+++ b/machines/jon/hardware-configuration.nix
@@ -0,0 +1,14 @@
+# Replace this file with an actual hardware-configuration.nix!
+throw ''
+ Did you forget to generate your hardware config?
+
+ Run the following command:
+
+ 'clan machines update-hardware-config '
+
+ OR:
+
+ 'ssh root@ nixos-generate-config --no-filesystems --show-hardware-config > hardware-configuration.nix'
+
+ And manually replace this file with the generated "hardware-configuration.nix".
+''
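Review bot: In machines/jon/configuration.nix the placeholders `__YOUR_SSH_KEY__`, `/dev/disk/by-id/__CHANGE_ME__`, `users.users.user.name = "";` and `targetHost = "root@";` are all valid Nix strings, so an unedited file evaluates without complaint, unlike the neighbouring hardware-configuration.nix, which throws until it is replaced. A deployment in that state would presumably write a root `authorized_keys` line that matches no key and hand the placeholder disk path to disko, which is hard to recover from on a remote host. I would give these values the same fail-closed treatment: turn the module into a function taking `config` and `lib` and add an `assertions` entry that rejects any authorized key or disk device still containing `__`, with a message pointing at the line to edit. machines/sara/configuration.nix carries the same placeholders and needs the same guard.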
diff --git a/machines/sara/configuration.nix b/machines/sara/configuration.nix
new file mode 100644
index 0000000..b68885d
--- /dev/null
+++ b/machines/sara/configuration.nix
@@ -0,0 +1,34 @@
+{
+ imports = [
+ ../../modules/disko.nix
+ ../../modules/shared.nix
+ # enables GNOME desktop (optional)
+ ../../modules/gnome.nix
+ ];
+ # Put your username here for login
+ users.users.user.name = "";
+
+ # Set this for clan commands use ssh i.e. `clan machines update`
+ # If you change the hostname, you need to update this line to root@
+ # This only works however if you have avahi running on your admin machine else use IP
+ clan.core.networking.targetHost = "root@";
+
+ # You can get your disk id by running the following command on the installer:
+ # Replace with the IP of the installer printed on the screen or by running the `ip addr` command.
+ # ssh root@ lsblk --output NAME,ID-LINK,FSTYPE,SIZE,MOUNTPOINT
+ disko.devices.disk.main.device = "/dev/disk/by-id/__CHANGE_ME__";
+
+ # IMPORTANT! Add your SSH key here
+ # e.g. > cat ~/.ssh/id_ed25519.pub
+ users.users.root.openssh.authorizedKeys.keys = [
+ ''
+ __YOUR_SSH_KEY__
+ ''
+ ];
+ /*
+ After jon is deployed, uncomment the following line
+ This will allow sara to share the VPN overlay network with jon
+ The networkId is generated by the first deployment of jon
+ */
+ # clan.core.networking.zerotier.networkId = builtins.readFile ../jon/facts/zerotier-network-id;
+}
diff --git a/machines/sara/hardware-configuration.nix b/machines/sara/hardware-configuration.nix
new file mode 100644
index 0000000..e4db1a9
--- /dev/null
+++ b/machines/sara/hardware-configuration.nix
@@ -0,0 +1,10 @@
+# Replace this file with an actual hardware-configuration.nix!
+throw ''
+ Did you forget to generate your hardware config?
+
+ Run the following command:
+
+ 'ssh root@ nixos-generate-config --no-filesystems --show-hardware-config > hardware-configuration.nix'
+
+ Then replace this file with the generated "hardware-configuration.nix".
+''
diff --git a/modules/disko.nix b/modules/disko.nix
new file mode 100644
index 0000000..d428648
--- /dev/null
+++ b/modules/disko.nix
@@ -0,0 +1,61 @@
+{
+ lib,
+ clan-core,
+ config,
+ ...
+}:
+
+let
+ suffix = config.clan.core.vars.generators.disk-id.files.diskId.value;
+in
+{
+ imports = [
+ clan-core.clanModules.disk-id
+ ];
+
+ # DO NOT EDIT THIS FILE AFTER INSTALLATION of a machine
+ # Otherwise your system might not boot because of missing partitions / filesystems
+ boot.loader.grub.efiSupport = lib.mkDefault true;
+ boot.loader.grub.efiInstallAsRemovable = lib.mkDefault true;
+ disko.devices = {
+ disk = {
+ "main" = {
+ # suffix is to prevent disk name collisions
+ name = "main-" + suffix;
+ type = "disk";
+ # Set the following in flake.nix for each maschine:
+ # device = ;
+ content = {
+ type = "gpt";
+ partitions = {
+ "boot" = {
+ size = "1M";
+ type = "EF02"; # for grub MBR
+ priority = 1;
+ };
+ "ESP" = {
+ size = "512M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = [ "nofail" ];
+ };
+ };
+ "root" = {
+ size = "100%";
+ content = {
+ type = "filesystem";
+ format = "ext4";
+ # format = "btrfs";
+ # format = "bcachefs";
+ mountpoint = "/";
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/modules/gnome.nix b/modules/gnome.nix
new file mode 100644
index 0000000..bcbc5a1
--- /dev/null
+++ b/modules/gnome.nix
@@ -0,0 +1,5 @@
+{
+ services.xserver.enable = true;
+ services.xserver.desktopManager.gnome.enable = true;
+ services.xserver.displayManager.gdm.enable = true;
+}
diff --git a/modules/shared.nix b/modules/shared.nix
new file mode 100644
index 0000000..16a33e3
--- /dev/null
+++ b/modules/shared.nix
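Review bot: The `ESP` partition in modules/disko.nix is vfat mounted at `/boot` with only `mountOptions = [ "nofail" ];`, and because vfat stores no ownership or mode bits, everything under `/boot` ends up readable by every local user under the default mount mask. I would tighten it with `mountOptions = [ "nofail" "umask=0077" ];` so kernels, initrds and anything else written there stay root-only. The `root` partition is also plain ext4 with no encryption layer; if that is deliberate for unattended boot, a comment next to `format = "ext4";` should say so, since secrets deployed to the machine then sit unencrypted at rest. The comment `# Set the following in flake.nix for each maschine:` has a typo and looks stale, as this commit sets `device` in machines/*/configuration.nix.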
@@ -0,0 +1,29 @@
+{ config, clan-core, ... }:
+{
+ imports = [
+ # Enables the OpenSSH server for remote access
+ clan-core.clanModules.sshd
+ # Set a root password
+ clan-core.clanModules.root-password
+ clan-core.clanModules.user-password
+ clan-core.clanModules.state-version
+ ];
+
+ # Locale service discovery and mDNS
+ services.avahi.enable = true;
+
+ # generate a random password for our user below
+ # can be read using `clan secrets get -user-password` command
+ clan.user-password.user = "user";
+ users.users.user = {
+ isNormalUser = true;
+ extraGroups = [
+ "wheel"
+ "networkmanager"
+ "video"
+ "input"
+ ];
+ uid = 1000;
+ openssh.authorizedKeys.keys = config.users.users.root.openssh.authorizedKeys.keys;
+ };
+}
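Review bot: `services.avahi.enable = true;` in modules/shared.nix turns on an mDNS responder on every machine importing this module, and its comment (`# Locale service discovery and mDNS`, where "Locale" should read "Local") does not say why. The only use visible in this commit is letting the admin machine resolve the host name in `clan.core.networking.targetHost`, so I would document that and the exit path, e.g. `# mDNS responder so the admin machine can reach this host by name; disable once targetHost is an IP or VPN address`. In the same hunk, `openssh.authorizedKeys.keys = config.users.users.root.openssh.authorizedKeys.keys;` gives the `wheel` user the same SSH key as root, so one key covers both accounts; a comment stating that this is intended, or a separate key list for `user`, would make the trust decision explicit.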